SecWiki周刊(第2期)
2014/03/10-2014/03/16
安全资讯
[新闻]  Clarifying the Origins of FireEye
http://www.fireeye.com/blog/corporate/2014/03/clarifying-the-origins-of-fireeye.html
[新闻]  NSA部署自动化项目:可根据QQ飞信锁定监控目标
http://www.youxia.org/snowden-nsa-turbine-feixin-qq.html
[新闻]  网络安全威胁周报——第201410期
http://drops.wooyun.org/news/1034
安全技术
[其它]  2014年最新国内外信息安全厂家及安全产品分类
http://www.srxh1314.com/2014-security-compan-final.html
[Web安全]  端口攻击之873端口rsync默认口令漏洞
http://www.91ri.org/8406.html
[运维安全]  极客范:Linux终端进程管理 – 10个你必须知道的命令
http://sec007.cc/1531.html
[Web安全]  BCTF Write-up:他乡遇故知
http://www.freebuf.com/articles/others-articles/28244.html
[Web安全]  个性DIY的PHPwebshell
http://x95.org/diy-php-shell-foreign.html
[运维安全]  构建故障分析平台采用python实现抓包分析数据包
http://rfyiamcool.blog.51cto.com/1030776/1374484
[运维安全]  Linux服务器的初步配置流程
http://www.ruanyifeng.com/blog/2014/03/server_setup.html
[漏洞分析]  Independent Study: Modern Windows Vulnerability Analysis & Exploit Development
http://security.cs.rpi.edu/~gaasem/winexp/IndependentStudy.pdf
[漏洞分析]  64bit OSX hacking with Metasploit
http://astr0baby.wordpress.com/2014/03/14/64bit-osx-hacking-with-metasploit/
[Web安全]  解密MSSQL链接数据库的密码
http://drops.wooyun.org/tips/1067
[新闻]  网络安全威胁周报——第201410期
http://drops.wooyun.org/news/1034
[Web安全]  Pass-the-Hash: How Attackers Spread and How to Stop Them
http://www.rsaconference.com/writable/presentations/file_upload/hta-w03-pass-the-hash-how-attackers-spread-and-how-to-stop-them.pdf
[取证分析]  Post-Snowden Forensics
http://forensicmethods.com/snowden-forensics
[新闻]  NSA部署自动化项目:可根据QQ飞信锁定监控目标
http://www.youxia.org/snowden-nsa-turbine-feixin-qq.html
[新闻]  Clarifying the Origins of FireEye
http://www.fireeye.com/blog/corporate/2014/03/clarifying-the-origins-of-fireeye.html
[漏洞分析]  BCTF Write-up 2
http://ppwwyyxx.com/2014/BCTF-writeup/
[漏洞分析]  STRUTS2的getClassLoader漏洞利用
http://drops.wooyun.org/papers/1151
[移动安全]  lusca:Application security for express apps
https://github.com/PayPal/lusca
[工具]  X-Ray for Android
http://www.xray.io/
[移动安全]  PatchDroid: Scalable Third-Party Security Patches for Android Devices
http://www.mulliner.org/collin/academic/publications/patchdroid.pdf
[漏洞分析]  深夜调试某浏览器堆损坏的小记录
http://drops.wooyun.org/papers/1026
[视频]  Learn Pentesting Online
http://www.pentesteracademy.com/topics
[移动安全]  Revisiting iOS Kernel (In)Security: Attacking the Early Random PRNG
http://mista.nu/research/early_random-slides.pdf
[设备安全]  2014工业控制系统的安全研究与实践
http://www.nsfocus.com/report/NSFOCUS_ICS_Security_Report_20140311.pdf
[恶意分析]  趋势科技2月移动客户端病毒报告
http://blog.csdn.net/iqushi/article/details/21019119
[漏洞分析]  Pwn2Own 2014: The lineup
http://www.pwn2own.com/2014/03/pwn2own-2014-lineup/
[漏洞分析]  Exploiting privacy: Surveillance companies pushing zero-day exploits
https://www.privacyinternational.org/blog/exploiting-privacy-surveillance-companies-pushing-zero-day-exploits
[Web安全]  php is_numberic函数安全吗
http://www.leesec.com/archives/313
[编程技术]  知道创宇研发技能表v2.2
http://blog.knownsec.com/Knownsec_RD_Checklist/v2.2.html
[设备安全]  The Future is Now: Car Hacking
http://resources.infosecinstitute.com/future-now-car-hacking/
[书籍]  The Browser Hacker's Handbook
http://vdisk.weibo.com/s/GQfAKMM4ASbK
[Web安全]  BCTF Writeup
http://drops.wooyun.org/papers/1071
[运维安全]  Linux下的常见错误配置
http://www.freebuf.com/articles/system/27982.html
[设备安全]  SOAP: The Home Automation Router And Kickstarter Scam
http://hackaday.com/2014/03/07/soap-the-home-automation-router-and-kickstarter-scam/
[工具]  Pipal:Password Analyser
http://www.digininja.org/projects/pipal.php
[漏洞分析]  BCTF write_up
http://icefishwp.sinaapp.com/?p=484
[运维安全]  header的安全配置指南
http://drops.wooyun.org/tips/1166
[会议]  Fluent 2014 Speaker Slides Video
http://fluentconf.com/fluent2014/public/schedule/proceedings
[Web安全]  WordPress XML-RPC PingBack Vulnerability Analysis
http://blog.spiderlabs.com/2014/03/wordpress-xml-rpc-pingback-vulnerability-analysis.html
[数据挖掘]  安全领域中的大数据分析
http://www.infoq.com/cn/articles/bigdata-analytics-for-security
[恶意分析]  Pandemonium: Nation States, National Security, and the Internet
https://www.ccdcoe.org/publications/TP_Vol1No1_Geers.pdf
[Web安全]  meterpreter初探
http://www.coolhacker.org/?p=1563
[杂志]  《安全参考》201403-15
http://pan.baidu.com/s/1jGuntJK
[漏洞分析]  CVE-2014-0301 Analysis
http://blog.carterjones.info/posts/2014/03/14/cve-2014-0301-analysis
[其它]  云计算加速可穿戴设备落地文档
http://vdisk.weibo.com/s/BRdF1FcjqjGq4/1394523053
[编程技术]  Web 开源库
http://blog.daimajia.com/?page_id=72
[其它]  Theoretical Methodology for Detecting ICMP Reflected Attacks: SMURF Attacks
http://resources.infosecinstitute.com/theoretical-methodology-detecting-icmp-reflected-attacks-smurf-attacks/
[漏洞分析]  BugsCollector
http://bugscollector.com
[编程技术]  Python高级编程技巧
http://blog.jobbole.com/61171/
[无线安全]  WiFI APT - File transfer with Wireless exfiltration protocol
http://www.youtube.com/watch?v=4nCoVhryang
[恶意分析]  f-secure:Threat Report covering the second half of 2013
http://www.f-secure.com/static/doc/labs_global/Research/Threat_Report_H2_2013.pdf
[其它]  安全扫描工具Nmap引擎理解文档
http://www.freebuf.com/articles/system/28408.html
[恶意分析]  Analysis of, Malware from the MtGox leak archive
http://www.securelist.com/en/blog/8196/Analysis_of_Malware_from_the_MtGox_leak_archive
[其它]  使用OpenSSH证书认证
http://drops.wooyun.org/tips/1055
[其它]   Leveraging Threat Intelligence in Security Monitoring
https://securosis.com/assets/library/reports/Securosis_ThreatIntelSecurityMonitoring_FINAL.pdf
[编程技术]  Learn regular expressions in about 55 minutes
http://qntm.org/files/re/re.html
[移动安全]  droidsec:Android Whitepapers
https://github.com/droidsec/droidsec.github.io/wiki/Android-Whitepapers
[编程技术]  MySQL 到 MongoDB 的迁移
http://danqingdani.blog.163.com/blog/static/1860941952014214112153146
[移动安全]  Steal WhatsApp database (PoC)
http://bas.bosschert.nl/steal-whatsapp-database/
[会议]  黑帽(亚洲)大会议题汇总
http://blackbap.org/post/Blackhat_Asia
[其它]  Elektron – 构建新一代高性能金融数据网络
http://www.infoq.com/cn/presentations/construction-of-a-new-generation-high-performance-financial-data-network
安全专题
一些Android资源
https://www.sec-wiki.com/topic/40
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第2期)